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MEMORANDUM FOR: Director o£ Data Processing 
25X1 A FROM : 

Director of Communications 

SUBJECT : Headquarters Area Data Distribution (U) 

REFERENCE. : OCC-M-78-166 , dated 10 April 1978 


Pursuant to the SAFE Security Committee's recommen- 
dation contained in the reference, this office studied 
the impact of the factors leading to the SAFE decision on 
other Headquarters area data distribution requirements. 

The policy paper which came out of this study is attached. 
It recommended to the Director of Security that Black 
data distribution be required for all future Headquarters 
systems, and he concurred. (U/AIUO) 


25X1 A 


Attachments : 

’ 1. OC-M79-122 

,2. OCC-M-78-166 
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MEMORANDUM FOR: Director of Security 

Director of Communications 

SUBJECT : Headquarters Area Data Distribution (U) 


1. Action Requested : Your concurrence with a policy 
requiring" encryption of bus communications and encouraging 
an evolution to encrypted data distribution throughout the 
Headquarters area is requested in paragraph three. (U) 

2. ■v Background : The selection of a Black communications 
architecture for SAFE’S wideband communications system (WCS) 
followed a careful examination of security factors both 
unique to SAFE and common to the general problem of classified 
dqta distribution. Inasmuch as SAFE communications on the WCS 
will be secured by end-to-end encryption, the WCS need not and 
will not be: installed with the physical security protection 
features required for a classified plain text (Red) wireline 
distribution system. Since the WCS is intended to provide 
communications capacity for systems other than SAFE, such as 

25X1A the Black architecture decision applies to these 

systems as well. This memorandum will explore further the 
impact of this decision and propose a general policy for the 
protection of Headquarters area data distribution. (C) 

,, 3 . In considering the case for a general Headquarters 

area data distribution policy, it is important to review the 
factors which led to the decision to implement Black 
distribution on the SAFE project. 

■ • a. Protection - A Red wireline distribution 
system relies on conventional physical security 
protection. A Black system provides a higher degree 
of protection because all data is encrypted on an end- 
to-end basis. A Black distribution system also reduces 
TEMPEST hazards by limiting the potential problem areas 
to the information processors and terminal devices. 
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SUBJECT: Headquarters Area Data Distribution (U) 


b. Cost - The SAFE security evaluation concluded 
that although the initial cost of cryptographic 
protection is higher than (but comparable to) the 

cost of physically securing a Red wireline distribution 
system, the additional cost is justified on the basis 
of, the increased protection afforded. 

c. Vulnerability of Bus Communications - An 
inherent characteristic of a bus -type wideband communi- 
cation system is distribution of the totality of system 
communications to all points on its path. Conversely, a 
distribution system using discrete conductors limits 
data distribution to a relatively direct route from 
source to destination. The availability of such a large 
concentration of data at any point on a Red bus adds a 
higher level of concern for the potential vulnerability 
of such systems. (C) 

4. Security through compartmentation is another factor 
which should be considered. SAFE is designed to operate 

in a dedicated mode, i.e., spillage or misrouting of data 
within the system is not a significant security concern. On 
the other hand, the DD0 has levied a requirement for WCS 
service with an explicit request for compartmentation 
protection. . The proposed SAFE cryptographic system _ provides 
compartmentation security for communications as a virtue of 
end-to-end encryption. (C) 

5 . OC is projecting a significant increase in secure voice 
service over < the next few years. Although the security factors 
for voice and data are identical, the magnitude of the voice 
distribution requirement and the lack of available cost- 
effective encryption equipment may make the use of Red 
distribution a necessity for years to come. In the Head- 
quarters building, a shift to WCS for data circuits should 

make considerable Red distribution capacity available for 
expanded secure voice. (C) 

6. Reco mmendation : In consideration of both the security 
factors and the near -future availability of bus communications 
capacity, it is recommended that Black data distribution be 
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required for all new Headquarters data distribution require- 
ments scheduled for implementation after the installation of 
the SAFE wideband communications system. (C) 
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CONCURRENCE : 
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MEMORANDUM FOR: Director of Data Processing 

ChaTrirmn, OS/OC Security Review Committee 
SUBJECT : Security Review of SAFE Proposals (U) 


1. (U/AIUO) Attached are the findings of the Security 

Conunitte^Revic^ for the SAFE proposals submitted 25X 

HPPBHHHI It is the recommendation of the Security 
borxing Group that the BLACK system bus architecture be 
selected for the SAFE program. .. 

# 

2. (C) The three hey factors which impact the conclusions 
and recommendations for the report are: 

a. The totality of sensitive data on a RED bus, 

b. The budgetary constraints for a labor intensive 
on-going line surveillance program deemed essential for 
a RED bus, 

c. The advancement of the state-of-the-art 
anticipated in the field of microminiature technical 
collection equipment. 

3. (U/AIUO) l’!e, ODP/OC/OS, are entering the next 
generation of information handling within the Agency and within 
the" Intelligence Community. It is imperative that crucial 
decisions be made at the entry point to obviate the recognized 
expense of retrofits. 
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Attachment : 
As Stated 
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